Registered Practitioner Organization
McLeod Information Systems specializes in CMMC compliance and is a Registered Provider Organization (RPO) authorized by the CMMC Accreditation Body (CMMC-AB) to provide consulting services to DoD contractors seeking CMMC certification. In addition, with multiple Registered Practitioners (RPs) on staff, we have the credentials and expertise to guide your organization in becoming CMMC audit-ready and maintaining compliance post-certification.
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) encompasses maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced or Progressive”. The DoD will use the new CMMC framework to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place.
CMMC is built upon existing requirements:
- NIST SP 800-171
- NIST SP 800-53
How we can assist
MIS will start with a no-obligation telephone discussion to explain the CMMC implementation process, identify your unique situation and needs, and prepare a detailed proposal. The proposal is customized and typically includes a reasonable fixed price so that you can budget.
Our proposal will include at a minimum:
- Gap Analysis - We can help you identify the gap between your current state and the CMMC level you wish to meet.
- Remediation Plan - We can help you prepare your Plan of Action and Milestones (POAM) and Corrective Action Plan (CAP) and track your remediation activities and milestones. We can also assist in remediating findings. Remember that in order to achieve CMMC certification, all open items must be remediated.
- Pre-assessment Readiness Review - We make sure all security practices are in place, policies and procedures are written, and evidence is gathered for each practice. This will streamline the third-party assessment and save on cost.